Hi everyone,
I'm looking to take data such as 201908.1 from a field I've renamed in my search as "Operating System Version" and separate 2019, 08, and 1 from it.
I've looked on here for help in regex or using substr and haven't been able to make it work.
If anyone has any input it'd be appreciated!
Here you go!
Try this run-anywhere search:
| makeresults | eval "Operating System Version"="201908.1" | table "Operating System Version" | rex field="Operating System Version" "(?<year>^\d{4})(?<month>\d{1,2})\.(?<day>\d{1,2})"
In your env, you should try:
... | rex field="Operating System Version" "(?<year>^\d{4})(?<month>\d{1,2})\.(?<day>\d{1,2})"
Like this:
... | rex field=<YourFieldNameHere> "^(?<year>\d{4})(?<month>\d{2})\.(?<day>\d+)$"
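
Added example, not part of either answer above: a run-anywhere search that applies both posted patterns to the same set of values so their behaviour on malformed input can be compared side by side. The field name os_version, the loose_* capture names, the strict_match field and every sample value other than 201908.1 are constructed for illustration.

```spl
| makeresults
| eval os_version=split("201908.1,201912.10,20198.1,201908.123,201908.1-beta,unknown", ",")
| mvexpand os_version
| rex field=os_version "(?<loose_year>^\d{4})(?<loose_month>\d{1,2})\.(?<loose_day>\d{1,2})"
| rex field=os_version "^(?<year>\d{4})(?<month>\d{2})\.(?<day>\d+)$"
| eval strict_match=if(isnotnull(year), "yes", "no")
| table os_version loose_year loose_month loose_day year month day strict_match
```

The pattern without the trailing `$` still extracts from 20198.1 and 201908.1-beta and cuts the day of 201908.123 down to 12, while the fully anchored pattern leaves year, month and day empty for 20198.1 and 201908.1-beta and captures 123 as the day. Filtering on strict_match="no" lists the values that do not fit the expected format.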